دانلود CBTNuggets - EC Council Certified Ethical Hacker v9.0 - فیلم آموزش مدرک هکر اخلاقی

Welcome (4 min)
Keith shares some tips on how to get the most out of this course

Building a LAB: Concepts (6 min)
Keith provides an overview of how using a Hypervisor, such as VMware Workstation, can provide LAB VM connections to a live network, or an isolated virtualized network

Building a LAB: Networking (9 min)
Keith demonstrates how to configure networking in VMware Workstation, as part of a virtualized lab environment

Deploy a Kali Linux VM (14 min)
Keith demonstrates how to download, deploy, and update a Kali Linux VM as part of a lab test environment

Adding Metasploitable to Your Lab (11 min)
Keith describes and demonstrates downloading and deploying a vulnerable version of Ubuntu Linux, called Metasploitable, to your lab environment

Adding Windows to Your Lab (14 min)
Keith demonstrates how to document and verify the Windows computers that you may include as part of your lab. These may include both physical and/or virtual machines

Configure a Static IP on Kali (5 min)
Keith demonstrates one method of configuring a static IPv4 address on the Kali Linux Virtual Machine (VM)

Windows Evaluations (7 min)
Keith describes and demonstrates how you can get evaluation versions of popular Windows products for use in your lab. It is strongly recommended that you build your own lab, so you can practice and follow along as you build your skills

Deploy Windows 8.1 (15 min)
Keith demonstrates the installation and configuration of Windows 8.1 within VMware Workstation. For an evaluation license of Windows, please refer to the previous Nugget titled: Windows Evaluations

Deploy Windows 2012 (11 min)
Keith demonstrates the installation and configuration of Windows 2012 Server within VMware Workstation. For an evaluation license of Windows, please refer to the previous Nugget titled: Windows Evaluations

Deploy Windows 10 (7 min)
Keith demonstrates the installation and configuration of Windows 10 within VMware Workstation. For an evaluation license of Windows, please refer to the previous Nugget titled: Windows Evaluations

Deploy Windows 2016 (7 min)
Keith demonstrates the installation and configuration of Windows 2016 within VMware Workstation. For an evaluation license of Windows, please refer to the previous Nugget titled: Windows Evaluations

Ethics and Hacking (10 min)
Keith describes several classes of hackers, and explains how studying and following the code of ethics can assist you in keeping out of trouble

Hacking Vocabulary (6 min)
Keith walks you through valuable hacking terms to build your hacking vocabulary

InfoSec Concepts (5 min)
Understanding the concepts of Information Security (InfoSec) can assist you in looking for vulnerabilities and weakness in systems as part of ethical hacking

Attack Categories, Types, and Vectors (5 min)
In preparation for the demonstration of many attack tools, it is important to be familiar with the categories, types, and vectors that are associated with attacks. In this Nugget, Keith provides an overview of the categories, types, and vectors that are often used in attacks

Five Phases of Hacking (5 min)
Keith describes a 5-phase model for hacking

Footprinting and Reconnaissance Concepts (11 min)
Keith describes the ideas behind footprinting, what information might be collected, and methods for collecting that information. Demonstrations of several of the tools used for collection are in the following Nuggets

Search Engine Tools (8 min)
Keith reviews and demonstrates search engine tools that can be used in passive footprinting of a target

Hacking using Google (12 min)
Keith describes and demonstrates using additional operators within Google, for the purpose of gaining more footprinting information regarding targets. Please download the NuggetLab files, and do the homework Keith assigns in this Nugget

Website Recon Tools (13 min)
Keith demonstrates tools as examples of what can be used to extract data directly from a target's website

Metagoofil Metadata Tool (3 min)
Keith describes and demonstrates the use of Metagoofil to collect and extract metadata from pdf docs and other publicly available files, as well as how to create a report about a target company

Email Headers for Footprinting (5 min)
Keith demonstrates EmailTrackerPro, an example of a tool that can extract reconnaissance information from email headers

Using WHOIS for Recon (4 min)
Keith demonstrates using WHOIS in the command line and online services, as well as an application running on a PC

DNS Tools (12 min)
Keith demonstrates using Command Line Interface (CLI) and Graphical User Interface (GUI) tools to extract information from Domain Name System (DNS

Network Scanning Overview (3 min)
Keith describes the main objective and concepts for performing direct network scanning, as part of the second phase of hacking

Network Scanning Methodology (9 min)
Keith shares the 8-step network scanning methodology

Port Discovery (11 min)
Keith discusses and demonstrates the discovery of open ports, along with a few methods for finding them

Network Scanning Tools (3 min)
Keith assigns videos 13, 31, and 32 on the topics of Nmap, Scapy, and hping3, from the Penetration Testing with Linux Tools course

Stealth Idle Scanning (10 min)
Keith describes and demonstrates how an idle scan can be used to determine open ports on a host, without direct interaction with that host from the attacker's IP address

OS and Application Fingerprinting (10 min)
Knowing the specifics for the versions and flavors of an operating system and/or applications running on a host can lead to knowing which vulnerabilities may exist on that host. In this Nugget, Keith explains and demonstrates techniques, including banner grabbing, which can be used to collect that data

Vulnerability Scanning (8 min)
Having a tool that can identify a system's potential vulnerabilities is useful both to the network engineer and to the hacker. Keith demonstrates an example of a popular vulnerability assessment tool named Nessus. Practice what you learn in these Nuggets in your own home lab

Network Mapping Tools (5 min)
Having a utility that can dynamically create network topology diagrams can be useful for both the administrator and the hacker. Keith demonstrates a tool from Solarwinds called Network Topology Mapper

Proxy Servers (8 min)
Proxy services can be used to hide the attacker's address. In this Nugget, Keith explains how proxies can be chained together to increase the effectiveness of disguising the attacker

Using Public Proxy Services (6 min)
Using Internet-based proxy services is as easy as the tools that enable it. Keith demonstrates an example of how to use an Internet proxy

Enumeration Concepts (5 min)
Keith describes what enumeration does — and typical protocols used to provide that information

NetBIOS Enumeration (11 min)
Keith demonstrates gathering details provided through NetBIOS

SNMP Enumeration Concepts (10 min)
Keith discusses some of the security weaknesses in Simple Network Management Protocol (SNMP), and demonstrates the preparation of the lab environment for SNMP enumeration

SNMP Enumeration Tools (10 min)
Using the many tools for SNMP enumeration can be very useful for a hacker. In this Nugget, Keith demonstrates several GUI and CLI tools for extracting information from devices on the network

LDAP Enumeration Concepts (5 min)
Keith describes some defaults used by Lightweight Directory Access Control (LDAP), and demonstrates preparing the lab 2012 server to support it

LDAP Enumeration Example (7 min)
Keith demonstrates JXplorer, an LDAP enumeration tool.

NTP Enumeration (7 min)
Keith describes and demonstrates tools that can be used for learning more information about the network and topology using Network Time Protocol (NTP)

SMTP Enumeration (8 min)
Keith describes and demonstrates tools that can be used to perform enumeration leveraging the Simple Mail Transfer Protocol (SMTP)

System Hacking Overview (9 min)
Keith introduces the phases for "System Hacking," along with the goals and some of the tools used to accomplish those goals

Password Cracking Concepts (10 min)
Keith provides an overview of methods that can be used to compromise passwords on a system

Password Attack Example: MITM and Sniffing (13 min)
Keith explains and demonstrates using Cain and Abel to discover passwords that are sent in plain text

Rainbow Crack Lab Setup (8 min)
Keith walks you through modifying the lab and downloading tools in preparation for dumping the SAM database, generating a rainbow table and cracking a password

Rainbow Crack Demonstration (8 min)
Keith demonstrates dumping the SAM database, creating a rainbow table, and then cracking a password

Password Reset Hacking (8 min)
Keith explains and demonstrates booting from a CD to reset the password of a user account on a Windows system

DHCP Starvation (10 min)
Keith demonstrates how to perform a DHCP starvation attack, which could be used prior to implementing a rogue DHCP server. The attacker's DHCP server could then contain malicious options for the client, such as the attacker's IP address as default gateway and DNS server

Remote Access (15 min)
Keith demonstrates how an application that is run on a victim's computer can provide remote access for the attacker. This Nugget also demonstrates how tools can modify file attributes, in an attempt to cover the attacker's tracks

Spyware (9 min)
Keith describes and demonstrates how damaging malware, including spyware, can be on a system.

NTFS Alternate Data Streams Exploit (9 min)

Steganography with OpenPuff (7 min)
Keith describes and demonstrates how the art of hiding a file, within another file (A.K.A. Steganography) can be used to hide files

Steganography with SNOW (5 min)
Keith demonstrates using the application of SNOW to hide secret messages as whitespace in a simple text document

Covering Tracks (7 min)
Keith describes and demonstrates how an attacker may manipulate auditing and log files, in an attempt to be undetected

Malware Overview (10 min)
Keith talks with you about the functions, types, and methods for installation that Malware can use

Trojan Overview (10 min)
Keith describes and demonstrates the concepts and use of trojan software

Creating a Trojan (11 min)
Keith demonstrates using the Social Engineering Toolkit (SET) to create, run, and verify a trojan

Virus Overview (13 min)
Keith discusses the characteristics, stages, and types of viruses

Virus Creation (8 min)
Keith demonstrates how to create a virus

Detecting Malware (17 min)
Keith describes how to and where to look when investigating malicious software that may be installed on your system

Malware Analysis (10 min)
Keith describes and demonstrates some methods to analyze Malware

Hash File Verification (8 min)
Keith demonstrates how to verify the data integrity of a downloaded file by performing a verification of the hash

Sniffing Overview (12 min)
Keith discusses some of the concepts, types, and methods used to "sniff" a computer network

CAM Table Attack and Port Security (10 min)
Keith demonstrates a Content Addressable Memory (CAM) table attack on a Layer 2 switch, along with how to protect against it using port security on the switch

DHCP Snooping (14 min)
Keith describes the problem of a malicious DHCP server — and how to solve it using DHCP snooping, a feature on a layer 2 Cisco switch

Dynamic ARP Inspection (DAI) (14 min)
Keith describes and demonstrates the use of Dynamic ARP Inspection (DAI) on a Cisco switch to prevent ARP poisoning

Social Engineering (15 min)
Keith discusses several methods, techniques, and phases used in social engineering, one of the most effective ways to compromise a system

Denial of Service (DoS) Attacks (19 min)
Keith describes several methods and categories of both Denial of Service (DoS) and Distributed DoS (DDoS) attacks

Session Hijacking (18 min)
Keith discusses methods and techniques used for session hijacking

Hacking Web Servers (10 min)
Keith discusses and demonstrates hacking a web server

Buffer Overflow (13 min)
Keith describes the concepts, risks, and countermeasures regarding buffer overflow attacks

OWASP Broken Web Application Project (13 min)
Keith demonstrates how OWASP's Broken Web Application VM can be downloaded and used to both learn about, and get hands-on experience with, the top web application security risks on the Internet today

Shellshock (6 min)
Keith describes the shellshock bash shell vulnerability

SQL Introduction (9 min)
Keith describes several fundamentals of Structured Query Language (SQL). Knowing this will assist you in better understanding SQL Injection attacks, which we address in the next Nugget

SQL Injection (16 min)
Keith discusses several methods and types of SQL injection attacks

Web App Vulnerabilities: WordPress (10 min)
Keith demonstrates enumeration and password cracking against WordPress, a popular blogging web application

Wireless Hacking (18 min)
Keith discusses wireless fundamentals, hacking, and best practices for WiFi

Using an Android VM (4 min)
Keith walks you through adding a Virtual Machine (VM) of an Android device to the lab network

Malware for Mobile (11 min)
Keith demonstrates creating and deploying a malicious app for the Android operating system

Mobile Device Risks and Best Practices (13 min)
Keith discusses security risks that are common to mobile devices, and some steps that can be taken to improve their security

Firewall Evasion (19 min)
Keith describes firewall methodologies, topologies, and how a hacker may evade the controls implemented in a firewall

Firewall ACL Example (15 min)
Keith walks through the process of how Access Control Lists (ACLs) can be used as a technical control on networking devices, such as a firewall

NAT and PAT fundamentals (11 min)
Keith discusses Network Address Translation (NAT) and Port Address Translation (PAT). Understanding how NAT and PAT can hide the internal and DMZ addresses from the Internet is useful for securing the network

IDS/IPS Evasion (17 min)
Keith provides an overview of how Intrusion Detection/Prevention Systems operate, and how attackers can attempt to bypass them

Honeypots (12 min)
Keith describes and demonstrates the use of a honeypot on a network

Cloud Computing (23 min)
Keith describes cloud services including security concerns

CIA: Confidentiality, Integrity, and Availability (3 min)
Keith discusses key factors regarding information security

Policies (9 min)
Keith discusses the policies that are created by senior management, and how they govern the use of controls in a system

Quantifying Risk (6 min)
Keith explores methods and formulas that can be used when calculating risk

Separation of Duties (13 min)
Keith discusses the administrative control known as Separation of Duties

Symmetrical Encryption Concepts (14 min)
Keith discusses methods and use cases for symmetrical encryption

Asymmetrical Encryption Concepts (16 min)
Keith discusses encryption technologies that use an asymmetrical key pair for cryptography

Control Types (11 min)
Keith explores various control types used to assist in protecting information systems and sensitive data

Multifactor Authentication (12 min)
Keith discusses the three different factors categories, and several examples of biometric authentication

Centralized Identity Management (13 min)
Maintaining thousands of user accounts is no small feat. In this Nugget, Keith explains several options for performing centralized user identity management

Kerberos and Single Sign On (SSO) (17 min)
Keith explores the methods that Microsoft's Active Directory uses Kerberos for Single Sign On (SSO). Methods to improve the security of a SSO system are also included in this Nugget

Backups and Media Management (9 min)
Keith discusses backups with an eye toward having reliable methods to restore data, as well as protecting the data that is backed up

Operations Security Controls (14 min)
Keith provides explanations and examples of control types used in operational security, along with their functions

Physical Security Controls (11 min)
Keith describes several physical security controls that can be used by a company for their security or bypassed by the hacker to evade the security measures

Incident Response (12 min)
Keith explores several items that should be part of an incident response plan

VPNs (21 min)
Keith describes the types and technologies used for virtual private networking

Disaster Recovery Planning (13 min)
Keith discusses the concepts of disaster recovery (DR) and business continuity (BC)

Pen Testing Tips (10 min)
Keith shares a few recommendations to help keep you out of trouble when performing penetration testing

Useful Tools (11 min)
Keith points out a few categories, and demonstrates examples of useful tools in network and system analysis, as well as hacking

Case Study (21 min)
Keith introduces and reviews several security-related concepts regarding apps, policies, and IDS/IPS

Additional Resources and Exam Prep (8 min)
Keith shares some additional resources that can be used to improve your skills and knowledge, as well as where to go for the latest requirements regarding certification from EC-Council